The other night* as I was in the checkout line at Bed Bath & Beyond I saw what I thought must be the dumbest product in the store: the GoJo Hands Free Headset.
For $10 you get two headbands with suction cups. You use them to strap your cell phone to your head for convenient hands-free talking. Go check out their site. It’s hilarious; you don’t need me to make the jokes for you.
Then I saw something even worse. The Personal Internet Address & Password Log Book is a handy little book that lets you “keep favorite website addresses, usernames, and passwords in one easy, convenient place!”:
Here’s how the publisher describes this book:
Are you tired of losing track of those login/usernames and passwords you create every time you visit a new Web site? Do you have sticky notes and scraps of paper scattered about your office and home computer space covered with these vital pieces of information, but never seem to be able to put your hands on them when you need them? Now you can keep important Web site addresses, usernames, and passwords in one convenient place! Introducing the Personal Internet Address & Password Log Book! This time-saving, headache-preventing little organizer features: Lots of space—144 pages, including tabbed alphabetical pages. Plenty of room for all those Web site addresses, usernames, passwords, and additional notes. A spiral binding that allows pages to lie flat for ease of use. Handy elastic band closure. Pages in the back on which to record additional useful information, such as your home network configuration, software license numbers, and other notes. Removable label and discreet cover design
Here’s what it looks like inside:
This Amazon review covers most of the points that come up in the other (mostly 5-star) reviews for this book:
The number of websites that I access for which I need to enter login information has skyrocketed, and there have not been any easy ways of keeping track of all of them. Using the same password can be very insecure, and keeping a list of all of them in a file on your computer is also not very prudent. Sometimes, the simplest solution might be the best one, and writing all those login handles and passwords into a single logbook seems very smart. It also helps with retrieving the information, as it’s still more intuitive for me to flip through pages than go through files and directories on my computer…. The only problem that I have with a physical password logbook is that many sites require you to change your password on a regular basis, which may cause you to either run out of space for a few entries or have to re-enter them from scratch. I don’t think that there will ever be a perfect solution for the password proliferation, but as far as I am concerned this small logbook comes very close.
The most surprising thing about this review is that the reviewer is not a technologically-clueless old person but, according to him, a relatively young theoretical physicist.
Most of you understand why this is a dumb product. If, on the other hand, you’re thinking, “Wow, that’s a great idea!” let me explain to you why it’s not.
Before we even get to the security implications, consider the sheer technological backwardness of it. If you’ve embraced technology enough that you have this many passwords to keep track of, it’s time to make the leap and learn a little about what your computer can do for you. Discover the magic of copy/paste, which is a whole lot easier and less error-prone than typing in this information every time you need it.
The “only problem” this review cited was the fact that you might run out of space for all your passwords. Another reviewer has thought things through a little more thoroughly (but still gives it a 5-star review):
It’s set up very nicely, but my only worry is that I’ll misplace this after I become dependent on it.
May I suggest that this is not an insignificant worry? The time you spent laboriously copying all of your account information into this book by hand is nothing compared to the effort that will be required when you lose it, to reset/retrieve your password for all those accounts, and cancel your credit cards for good measure.
People are excited that it’s so portable:
The logbook comes in very handy. It’s small enough to take with you. It holds a bevy of information, which is great.
That is great. Great for the criminal who gets this as a bonus when he steals your purse or laptop, or picks it up when you accidentally leave it behind on the train. This book is an instruction manual for stealing your money and taking over your online life. If you use the book at home, as a replacement for all those “sticky notes and scraps of paper,” then it’s no less secure than the “system” you’re already using, and it is a step up in convenience. But if you are carrying it around with you, you are a fool. As the only sensible reviewer of the product said,
People, you would be better off leaving your cash, credit cards, social security card along with your ATM card and PIN number out in the open. If someone gets their hands on this book then you’re screwed!
In fact, there are many easy and secure ways of keeping track of all those passwords: programs designed to do exactly that have been widely available since long before the average computer user had enough passwords to need one, and there are now Web services that do the same thing. These programs use a master password to encrypt all of your information, so as long as you choose a good master password, your data is safe (safer than it is in a little book you carry around with you, anyway). And you won’t lose it because you can back it up with the rest of your important computer data. You are backing up your important computer data, right?
One of the reviews of the password book led me to the Healthy Passwords Web site (and book). The author explains the importance of good passwords and presents a system for creating and keeping track (using “your brain and a system”) of strong and unique passwords. It’s an informative site, and a nice idea for a password-creation scheme, but my reaction is the same as my reaction to the password logbook: technology provides a better solution in the form of a password management program or online service.
At the risk of turning this post into something more than breezy mockery, let me digress for a few minutes to offer some advice.
Whatever system you use for creating and tracking your passwords, you need to have strong passwords, and you need to use different passwords for different sites. Web sites get hacked into all the time, and when this happens the hackers are looking not just for credit card numbers but for user IDs and passwords. A good Web site stores your password in a form that makes it impossible to recover, but most sites are not good, leaving your password vulnerable to being stolen.§ Since your e-mail address is also your user ID at most sites, once the hacker has stolen that information from one site they can go try out the user ID and password at other likely sites. If you use a password at more than one site, then all of the accounts are as vulnerable as the least secure of them, and you should assume that’s not very secure.
For example, suppose you went to Lifehacker.com once, long ago, and registered on the site in order to leave a comment on some article there. You used the same e-mail address and password that you use everywhere, including your Gmail account, Amazon, and your online banking site. By December 2010, you had long since forgotten that you ever registered at the site. In that month, Lifehacker and all the other sites run by Gawker Media were hacked, and the account information for all the registered users was stolen. The hackers then posted this information on the Internet for anyone to use. Armed with your e-mail address and Lifehacker password, it’s a simple thing to go try the same logon information at the sites of major banks and online services.
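To make concrete what it means for a site to store your password “in a form that makes it impossible to recover,” here is an added example (not part of the original post) comparing what a copy of the user database contains at a site that stores passwords as typed and at one that stores a salted, deliberately slow hash. The site names, sample accounts and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256 in this example

def _derive(password: str, salt: bytes) -> bytes:
    """Slow, one-way derivation; the password cannot be read back out of it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(password: str) -> dict:
    """What a careful site stores: a per-user random salt and the slow hash."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}

def verify(attempt: str, record: dict) -> bool:
    """Re-derive from the login attempt and compare in constant time."""
    expected = bytes.fromhex(record["hash"])
    actual = _derive(attempt, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(actual, expected)

def dump_contains_password(db: dict, password: str) -> bool:
    """True if the password can be read straight out of a copy of the database."""
    return password in json.dumps(db)

# Constructed sample data: two users who happen to pick the same password.
PASSWORD = "correct horse battery staple"
careless_site = {"alice@example.com": PASSWORD, "bob@example.com": PASSWORD}
careful_site = {user: make_record(PASSWORD) for user in careless_site}

if __name__ == "__main__":
    print("careless dump exposes password:",
          dump_contains_password(careless_site, PASSWORD))
    print("careful dump exposes password: ",
          dump_contains_password(careful_site, PASSWORD))
    print("login still works at careful site:",
          verify(PASSWORD, careful_site["alice@example.com"]))
    print("same password, different stored hashes:",
          careful_site["alice@example.com"]["hash"]
          != careful_site["bob@example.com"]["hash"])
```

Even at the careful site, a short or common password can still be found by guessing against the stolen hashes, which is one more reason to use a long, unique password for every account that matters.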
If you’re using a password manager, it’s a simple thing to use a unique, randomly-generated password for every site you register at. If that’s more than you want to manage, you must at least have a unique password for every login account that matters–your bank accounts, e-mail account, Amazon account, etc. If you want to use the same password for all the unimportant sites you register at, that’s OK. If someone steals your password from Lifehacker and uses it to post snarky comments here at Bill’s Head, that’s not the end of the world. But if they steal your password from Lifehacker and use it to drain your bank account or erase your e-mail archive, that’s another story.
For just such a story, you can read James Fallows’s article “Hacked!” in The Atlantic, which describes what happened when hackers broke into his wife’s Gmail account and, after sending scam e-mails to all of her contacts, deleted her entire e-mail archive.
That last part is important. Google and many other providers of “free” online services do not make any provision for backing up and restoring the data of a single individual.** If your data gets deleted (by you, by hackers, by little computer gnomes), it’s entirely possible that you will never see it again. If you are entrusting important information to an online service, you should make certain you understand what, if anything, they are doing to back it up, and you should back it up yourself if they’re not doing so.
All of you who are feeding your lives into Facebook should think hard about this point. Facebook is a walled-off system. It provides no way for you to back up your data, or to export it and take it somewhere else. What happens if someone gets control of your account and deletes it? Or if the Next Big Thing comes along and you want to move your life story and all your pictures there? Or if Facebook just shuts down one day? If everything you’ve ever posted on Facebook is so banal that you don’t care if you never see it again, then you have nothing to worry about. But if Facebook is your digital scrapbook and you want to retain some of this for posterity, you should be worried.
Meanwhile, I’m just glad that the woman who wrote this review of the password logbook is not my mother:
I purchased these log books as stocking stuffers for my adult children. Sadly, one of them was severely damaged. I would like to receive a replacement log book.
Please, mom: don’t get me this for Christmas.